Using the Logsign USO Platform WEB interface, click the Settings -> Integrations -> Responses tab.
Then click on the + Device button in the top right corner of the page. A window titled Add Device will appear.
Vendor: Choose PaloAlto as brand knowledge.
Host: The IP address of the PaloAlto device/product to be integrated with Logsign USO Platform.
Key: Key information that will provide the link between the PaloAlto device/product that will work with Logsign USO Platform. If you click on the question mark at the end of the line, you will see an informative text below the window with http (s): // HOST_ADDRESS / api /? Type = keygen & user = USER_NAME & password = PASSWORD. Copy and paste it into the address bar of our internet browser.
Then you need to change a few parameters on the link.
As shown in the example below, click on the Enter button after editing our link. http://10.10.X.XXX/api/?type=keygen&user=admin&password=admin
The key information starting with </key> will become up. We are copying the key information without leaving a space and pasting it on the Key line in the window titled + Device.
Virtual System: Logsign USO Platform product uses Vsys1 by default.
Protocol: Determine the protocol over which the connection will be made.
After filling in the required information, click the Save button to save the settings.
The following step is to add the address group you want to be affected by the Logsign USO Platform product in our PaloAlto security device/product.
Once you reached the PaloAlto security device/product via your internet browser, click on the Objects -> Address Groups tab in the menu bar. The content of the address group that you want to take action on should be as follows.
Determine a name for definiton information, write BlockedUsers in this example.
Type: Choose the Dynamic option to want the list to be updated with evolving events.
Match: Determine the knowledge of the action to be taken. Set it as 'block.'
Then click the OK button to save our settings.
The following action will be to create a rule for the "action device" to be made. Click the Add Rule button on the same page.
Fill in the information for the address group you have created in the PaloAlto security device/product on the opening page to define the Logsign USO Platform product.
Fill in the information for the address group you have created in the PaloAlto security device/product on the opening page to define the Logsign USO Platform product.
Vendor: Brand info is automatically selected for performing operations on Palo Alto.
Group Name: Write the name of the address group that you created in the PaloAlto security device/product. Use as BlockedUsers in this example.
Match Key: Determine which command the address group you created in the PaloAlto security device/product will take action against.
Expire Time: You can determine how long the rule we will create is valid. Determine to be Permanently because you want to be permanent in this example.
Then click the Save button to save the rule.
You need to connect the security policy that you created for your PaloAlto security device/product to the BlockedUsers address group.
After accessing the PaloAlto security device/product via your internet browser, you can configure the security policy that you created after clicking on the Policies -> Security tab in the menu bar.